OAT

Utilities

lief.OAT.is_oat(*args, **kwargs)

Overloaded function.

  1. is_oat(binary: lief.ELF.Binary) -> bool

Check if the Binary given in parameter is a OAT one

  1. is_oat(path: str) -> bool

Check if the file given in parameter is a OAT one

  1. is_oat(raw: List[int]) -> bool

Check if the raw data given in parameter is a OAT one

lief.OAT.version(*args, **kwargs)

Overloaded function.

  1. version(binary: lief.ELF.Binary) -> int

Return the OAT version of the Binary given in parameter

  1. version(file: str) -> int

Return the OAT version of the file given in parameter

  1. version(raw: List[int]) -> int

Return the OAT version of the raw data given in parameter

lief.OAT.android_version(arg0: int) → LIEF::Android::ANDROID_VERSIONS

Return the ANDROID_VERSIONS associated with the given OAT version


Parser

lief.OAT.parse(*args, **kwargs)

Overloaded function.

  1. parse(Parse the given OAT file and return a Binary objectoat_file: str) -> LIEF::OAT::Binary

  2. parse(Parse the given OAT with its VDEX file and return a Binary objectoat_file: str, vdex_file: str) -> LIEF::OAT::Binary

  3. parse(Parse the given raw data and return a Binary object

raw: List[int], name: str=’’) -> LIEF::OAT::Binary

  1. parse(io: object, name: str=’’) -> LIEF::OAT::Binary


Binary

class lief.OAT.Binary

OAT binary representation

class VA_TYPES(self: lief.Binary.VA_TYPES, arg0: int) → None
AUTO = VA_TYPES.AUTO
RVA = VA_TYPES.RVA
VA = VA_TYPES.VA
property abstract

Return the Binary object

Warning

Getting this property modifies the __class__ attribute so that the current binary looks like a Binary.

Use the concrete to get back to the original binary.

add(*args, **kwargs)

Overloaded function.

  1. add(self: lief.ELF.Binary, arg0: LIEF::ELF::DynamicEntry) -> LIEF::ELF::DynamicEntry

dynamic_entry

  1. add(self: lief.ELF.Binary, section: LIEF::ELF::Section, loaded: bool=True) -> LIEF::ELF::Section

Add the given Section to the binary.

If the section should not be loaded in memory, loaded parameter have to be set to False (default: True)

  1. add(self: lief.ELF.Binary, segment: LIEF::ELF::Segment, base: int=0) -> LIEF::ELF::Segment

Add a segment in the binary

  1. add(self: lief.ELF.Binary, note: LIEF::ELF::Note) -> LIEF::ELF::Note

Add a new Note in the binary

add_dynamic_relocation(self: lief.ELF.Binary, arg0: LIEF::ELF::Relocation) → LIEF::ELF::Relocation
add_dynamic_symbol(self: lief.ELF.Binary, symbol: LIEF::ELF::Symbol, symbol_version: lief.ELF.SymbolVersion=<lief.ELF.SymbolVersion object at 0x7fc4dc7efb20>) → LIEF::ELF::Symbol

Add a dynamic Symbol to the binary

add_exported_function(self: lief.ELF.Binary, address: int, name: str='') → LIEF::ELF::Symbol

Create a symbol for the function at the given address and export it

add_library(self: lief.ELF.Binary, library_name: str) → LIEF::ELF::DynamicEntryLibrary

Add a library with the given name as dependency

add_pltgot_relocation(self: lief.ELF.Binary, arg0: LIEF::ELF::Relocation) → LIEF::ELF::Relocation
add_static_symbol(self: lief.ELF.Binary, symbol: LIEF::ELF::Symbol) → LIEF::ELF::Symbol

Add a static Symbol to the binary

property classes

Return an iterator over Class

property concrete

Return either lief.ELF.Binary, lief.PE.Binary, lief.MachO.Binary object

property ctor_functions

Constructor functions that are called prior any other functions

property dex2dex_json_info
property dex_files

Return an iterator over File

property dtor_functions

Destuctor functions that are called the main execution

property dynamic_entries

Return an iterator to DynamicEntry entries as a list

property dynamic_relocations

Return an iterator over dynamics Relocation

property dynamic_symbols

Return an iterator to dynamic Symbol

property entrypoint

Binary’s entrypoint

property eof_offset

Last offset that is used by the ELF format. Data after this offset are considered as overlay data

export_symbol(*args, **kwargs)

Overloaded function.

  1. export_symbol(self: lief.ELF.Binary, symbol: LIEF::ELF::Symbol) -> LIEF::ELF::Symbol

Export the given symbol and create it if it doesn’t exist

  1. export_symbol(self: lief.ELF.Binary, symbol_name: str, value: int=0) -> LIEF::ELF::Symbol

Export the symbol with the given name and create it if it doesn’t exist

property exported_functions

Return binary’s exported Function

property exported_symbols

Return dynamic Symbol which are exported

extend(*args, **kwargs)

Overloaded function.

  1. extend(self: lief.ELF.Binary, segment: LIEF::ELF::Segment, size: int) -> LIEF::ELF::Segment

Extend the given given Segment by the given size

  1. extend(self: lief.ELF.Binary, segment: LIEF::ELF::Section, size: int) -> LIEF::ELF::Section

Extend the given given Section by the given size

property format

File format EXE_FORMATS of the underlying binary.

property functions
get(*args, **kwargs)

Overloaded function.

  1. get(self: lief.ELF.Binary, tag: lief.ELF.DYNAMIC_TAGS) -> LIEF::ELF::DynamicEntry

Return first binary’s DynamicEntry given its DYNAMIC_TAGS

  1. get(self: lief.ELF.Binary, type: lief.ELF.SEGMENT_TYPES) -> LIEF::ELF::Segment

Return first binary’s Segment given its SEGMENT_TYPES

  1. get(self: lief.ELF.Binary, type: lief.ELF.NOTE_TYPES) -> LIEF::ELF::Note

Return first binary’s Note given its NOTE_TYPES

  1. get(self: lief.ELF.Binary, type: lief.ELF.SECTION_TYPES) -> LIEF::ELF::Section

Return first binary’s Section given its ELF_SECTION_TYPES

get_class(*args, **kwargs)

Overloaded function.

  1. get_class(self: lief.OAT.Binary, class_name: str) -> LIEF::OAT::Class

Return the Class from its name

  1. get_class(self: lief.OAT.Binary, class_index: int) -> LIEF::OAT::Class

Return the Class from its index

get_content_from_virtual_address(self: lief.Binary, virtual_address: int, size: int, va_type: lief.Binary.VA_TYPES=VA_TYPES.AUTO) → List[int]

Return the content located at virtual address.

Virtual address is specified in the first argument and size to read (in bytes) in the second. If the underlying binary is a PE, one can specify if the virtual address is a RVA or a VA. By default it is set to AUTO

get_dynamic_symbol(self: lief.ELF.Binary, symbol_name: str) → LIEF::ELF::Symbol

Get the dynamic symbol from the given name

get_function_address(self: lief.Binary, function_name: str) → int

Return the address of the given function name

get_library(self: lief.ELF.Binary, library_name: str) → LIEF::ELF::DynamicEntryLibrary

Return the DynamicEntryLibrary with the given name

get_relocation(*args, **kwargs)

Overloaded function.

  1. get_relocation(self: lief.ELF.Binary, symbol_name: str) -> LIEF::ELF::Relocation

Return the Relocation associated with the given symbol name

  1. get_relocation(self: lief.ELF.Binary, symbol: LIEF::ELF::Symbol) -> LIEF::ELF::Relocation

Return the Relocation associated with the given Symbol

  1. get_relocation(self: lief.ELF.Binary, address: int) -> LIEF::ELF::Relocation

Return the Relocation associated with the given address

get_section(self: lief.ELF.Binary, section_name: str) → LIEF::ELF::Section

Return the Section with the given name

get_static_symbol(self: lief.ELF.Binary, symbol_name: str) → LIEF::ELF::Symbol

Get the dynamic symbol from the given name

get_strings(self: lief.ELF.Binary, min_size: int=5) → List[str]

Return list of strings used in the current ELF file with a minimal size given in first parameter (Default: 5) It looks for strings in the .roadata section

get_symbol(self: lief.Binary, symbol_name: str) → LIEF::Symbol

Return the Symbol with the given name

property gnu_hash

Return the GnuHash object

Hash are used by the loader to speed up symbols resolving (GNU Version)

has(*args, **kwargs)

Overloaded function.

  1. has(self: lief.ELF.Binary, tag: lief.ELF.DYNAMIC_TAGS) -> bool

Check if the DynamicEntry associated with the given DYNAMIC_TAGS exists

  1. has(self: lief.ELF.Binary, type: lief.ELF.SEGMENT_TYPES) -> bool

Check if a Segment of type (SEGMENT_TYPES) exists

  1. has(self: lief.ELF.Binary, type: lief.ELF.NOTE_TYPES) -> bool

Check if a Note of type (NOTE_TYPES) exists

  1. has(self: lief.ELF.Binary, type: lief.ELF.SECTION_TYPES) -> bool

Check if a Section of type (ECTION_TYPES) exists

property has_class

Check if the class if the given name is present in the current OAT binary

has_dynamic_symbol(self: lief.ELF.Binary, symbol_name: str) → bool

Check if the symbol with the given name exists in the dynamic symbol table

property has_interpreter

True if the binary uses a loader

has_library(self: lief.ELF.Binary, library_name: str) → bool

Check if the given library name exists in the current binary

property has_notes

True if the binary contains notes

property has_nx

Check if the binary uses NX protection

property has_overlay

True if data are appended to the end of the binary

has_section(self: lief.ELF.Binary, section_name: str) → bool

Check if a section with the given name exists in the binary

has_section_with_offset(self: lief.ELF.Binary, offset: int) → bool

Check if a section that handle the given offset exists

has_section_with_va(self: lief.ELF.Binary, va: int) → bool

Check if a section that handle the given virtual address exists

has_static_symbol(self: lief.ELF.Binary, symbol_name: str) → bool

Check if the symbol with the given name exists in the static symbol table

has_symbol(self: lief.Binary, symbol_name: str) → bool

Check if a Symbol with the given name exists

property header

Return the OAT Header

property imagebase

Return the program image base. (e.g. 0x400000)

property imported_functions

Return binary’s imported Function (name)

property imported_symbols

Return dynamic Symbol which are imported

property interpreter

ELF interprer (loader) if any. (e.g. /lib64/ld-linux-x86-64.so.2)

property is_pie

True if the binary is a pie one

property last_offset_section

Return the last offset used in binary according to section headers

property last_offset_segment

Return the last offset used in binary according to segment headers

property libraries

Return binary’s imported libraries (name)

property methods

Return an iterator over Method

property name

Binary’s name

property next_virtual_address

Return the next virtual address available

property notes

Return an iterator to Note entries as a list

property oat_dex_files

Return an iterator over DexFile

property object_relocations

Return an iterator over object Relocation

property overlay

Overlay data that are not a part of the ELF format

patch_address(*args, **kwargs)

Overloaded function.

  1. patch_address(self: lief.Binary, address: int, patch_value: List[int], va_type: lief.Binary.VA_TYPES=VA_TYPES.AUTO) -> None

Virtual address is specified in the first argument and the content in the second (as a list of bytes). If the underlying binary is a PE, one can specify if the virtual address is a RVA or a VA. By default it is set to AUTO

  1. patch_address(self: lief.Binary, address: int, patch_value: int, size: int=8, va_type: lief.Binary.VA_TYPES=VA_TYPES.AUTO) -> None

Virtual address is specified in the first argument, integer in the second and sizeof the integer in third one. If the underlying binary is a PE, one can specify if the virtual address is a RVA or a VA. By default it is set to AUTO

patch_pltgot(*args, **kwargs)

Overloaded function.

  1. patch_pltgot(self: lief.ELF.Binary, symbol_name: str, address: int) -> None

Patch the imported symbol’s name with the address

  1. patch_pltgot(self: lief.ELF.Binary, symbol: LIEF::ELF::Symbol, address: int) -> None

Patch the imported Symbol with the address

permute_dynamic_symbols(self: lief.ELF.Binary, permutation: List[int]) → None

Apply the given permutation on the dynamic symbols table

property pltgot_relocations

Return an iterator over PLT/GOT Relocation

property relocations

Return an iterator over all Relocation s

remove(*args, **kwargs)

Overloaded function.

  1. remove(self: lief.ELF.Binary, dynamic_entry: LIEF::ELF::DynamicEntry) -> None

Remove the given DynamicEntry from the dynamic table

  1. remove(self: lief.ELF.Binary, tag: lief.ELF.DYNAMIC_TAGS) -> None

Remove all DynamicEntry with the given DYNAMIC_TAGS

  1. remove(self: lief.ELF.Binary, section: LIEF::ELF::Section, clear: bool=False) -> None

Remove the given Section. clear specify whether or not we must fill its content with 0 before removing

  1. remove(self: lief.ELF.Binary, note: LIEF::ELF::Note) -> None

Remove the given Note

  1. remove(self: lief.ELF.Binary, type: lief.ELF.NOTE_TYPES) -> None

Remove all Note with the given NOTE_TYPES

remove_library(self: lief.ELF.Binary, library_name: str) → None

Remove the given library

remove_section(self: lief.Binary, name: str, clear: bool=False) → None

Remove the section with the given name

remove_static_symbol(self: lief.ELF.Binary, arg0: LIEF::ELF::Symbol) → None

Remove the given Symbol in the .symtab section

replace(self: lief.ELF.Binary, new_segment: LIEF::ELF::Segment, original_segment: LIEF::ELF::Segment, base: int=0) → LIEF::ELF::Segment

Replace the segment given in 2nd parameter with the segment given in the first one and return the updated segment

section_from_offset(self: lief.ELF.Binary, offset: int) → LIEF::ELF::Section

Return binary’s Section which holds the offset

section_from_virtual_address(self: lief.ELF.Binary, address: int) → LIEF::ELF::Section

Return binary’s Section which holds the given virtual address

property sections

Return an iterator to binary’s Section

segment_from_offset(self: lief.ELF.Binary, offset: int) → LIEF::ELF::Segment

Return binary’s Segment which holds the offset

segment_from_virtual_address(self: lief.ELF.Binary, address: int) → LIEF::ELF::Segment

Return binary’s Segment which holds the address

property segments

Return an interator to binary’s Segment

property static_symbols

Return an iterator to static Symbol

property strings

Return list of strings used in the current ELF file. Basically we look for strings in the .roadata section

strip(self: lief.ELF.Binary) → None

Strip the binary

property symbols

Return an iterator over both static and dynamic Symbol

property symbols_version

Return an iterator SymbolVersion

property symbols_version_definition

Return an iterator to SymbolVersionDefinition

property symbols_version_requirement

Return an iterator to SymbolVersionRequirement

property sysv_hash

Return the SysvHash object

Hash are used by the loader to speed up symbols resolving (SYSV version)

property type

Return the binary’s ELF_CLASS

property use_gnu_hash

True if GNU hash is used

property use_sysv_hash

True if SYSV hash is used

virtual_address_to_offset(self: lief.ELF.Binary, virtual_address: int) → int

Convert the virtual address to an offset in the binary

property virtual_size

Return the binary’s size when mapped in memory

write(self: lief.ELF.Binary, output: str) → None

Rebuild the binary and write it in a file

xref(self: lief.Binary, Return all **virtual address** that *use* the ``address`` given in parametervirtual_address: int) → List[int]


DexFile

class lief.OAT.DexFile(self: lief.OAT.DexFile) → None

OAT DexFile representation

property checksum

Checksum of the underlying DEX file

property dex_file

Associated lief.DEX.File

property dex_offset

Offset to the raw lief.DEX.File

property has_dex_file

Check if the lief.DEX.File is present

property location

Original location of the DEX file


Class

class lief.OAT.Class(self: lief.OAT.Class) → None

OAT Class representation

property bitmap

Bitmap information used to quickly find which methods are optimized

property fullname

Class mangled name (e.g. Lcom/android/MyActivity;)

has_dex_class(self: lief.OAT.Class) → bool

True if a lief.DEX.Class object is associated with this OAT Class

property index

Index the DEX classes pool (lief.DEX.File.classes)

is_quickened(*args, **kwargs)

Overloaded function.

  1. is_quickened(self: lief.OAT.Class, dex_method: LIEF::DEX::Method) -> bool

Check if the given lief.DEX.Method is compiled into native code

  1. is_quickened(self: lief.OAT.Class, method_index: int) -> bool

Check if the Method at the given index is compiled into native code

method_offsets_index(*args, **kwargs)

Overloaded function.

  1. method_offsets_index(self: lief.OAT.Class, arg0: LIEF::DEX::Method) -> int

  2. method_offsets_index(self: lief.OAT.Class, arg0: int) -> int

property methods

Iterator over lief.OAT.Method

property status

Class OAT_CLASS_STATUS

property type

Information (OAT_CLASS_TYPES) about how methods are optimized


Method

class lief.OAT.Method(self: lief.OAT.Method) → None

OAT Method representation

property dex_method

Mirrored Method associated with the OAT method

property has_dex_method

Check if a Method is associated with the OAT method

property is_compiled

True if the optimization is native

property is_dex2dex_optimized

True if the optimization is DEX

property name

Method’s name

property oat_class

Class associated with the method

property quick_code

Quick code associated with the method


Enums

OAT Class types

class lief.OAT.OAT_CLASS_TYPES(self: lief.OAT.OAT_CLASS_TYPES, arg0: int) → None
ALL_COMPILED = OAT_CLASS_TYPES.ALL_COMPILED
NONE_COMPILED = OAT_CLASS_TYPES.NONE_COMPILED
SOME_COMPILED = OAT_CLASS_TYPES.SOME_COMPILED

OAT Class Status

class lief.OAT.OAT_CLASS_STATUS(self: lief.OAT.OAT_CLASS_STATUS, arg0: int) → None
ERROR = OAT_CLASS_STATUS.ERROR
IDX = OAT_CLASS_STATUS.IDX
INITIALIZED = OAT_CLASS_STATUS.INITIALIZED
INITIALIZING = OAT_CLASS_STATUS.INITIALIZING
LOADED = OAT_CLASS_STATUS.LOADED
NOTREADY = OAT_CLASS_STATUS.NOTREADY
RESOLVED = OAT_CLASS_STATUS.RESOLVED
RESOLVING = OAT_CLASS_STATUS.RESOLVING
RETIRED = OAT_CLASS_STATUS.RETIRED
VERIFICATION_AT_RUNTIME = OAT_CLASS_STATUS.VERIFICATION_AT_RUNTIME
VERIFIED = OAT_CLASS_STATUS.VERIFIED
VERIFYING = OAT_CLASS_STATUS.VERIFYING
VERIFYING_AT_RUNTIME = OAT_CLASS_STATUS.VERIFYING_AT_RUNTIME

Header Keys

class lief.OAT.HEADER_KEYS(self: lief.OAT.HEADER_KEYS, arg0: int) → None
BOOT_CLASS_PATH = HEADER_KEYS.BOOT_CLASS_PATH
CLASS_PATH = HEADER_KEYS.CLASS_PATH
COMPILER_FILTER = HEADER_KEYS.COMPILER_FILTER
CONCURRENT_COPYING = HEADER_KEYS.CONCURRENT_COPYING
DEBUGGABLE = HEADER_KEYS.DEBUGGABLE
DEX2OAT_CMD_LINE = HEADER_KEYS.DEX2OAT_CMD_LINE
DEX2OAT_HOST = HEADER_KEYS.DEX2OAT_HOST
HAS_PATCH_INFO = HEADER_KEYS.HAS_PATCH_INFO
IMAGE_LOCATION = HEADER_KEYS.IMAGE_LOCATION
NATIVE_DEBUGGABLE = HEADER_KEYS.NATIVE_DEBUGGABLE
PIC = HEADER_KEYS.PIC

Instruction sets

class lief.OAT.INSTRUCTION_SETS(self: lief.OAT.INSTRUCTION_SETS, arg0: int) → None
ARM = INSTRUCTION_SETS.ARM
ARM_64 = INSTRUCTION_SETS.ARM_64
MIPS = INSTRUCTION_SETS.MIPS
MIPS_64 = INSTRUCTION_SETS.MIPS_64
NONE = INSTRUCTION_SETS.NONE
THUMB2 = INSTRUCTION_SETS.THUMB2
X86 = INSTRUCTION_SETS.X86
X86_64 = INSTRUCTION_SETS.X86_64